Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search


Financial malware more than twice as prevalent as ransomware

Symantec Security Response

Financial malware more than twice as prevalent as ransomware

Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate finance departments

With all the attention ransomware is getting it’s easy to overlook other threats, such as those that target the financial sector and its customers. However, these types of threats are a serious and costly problem for both businesses and consumers. Financial threats tend to get less news coverage than ransomware, but they are far more prevalent. With over 1.2 million annual detections, the financial threat space is 2.5 times bigger than that of ransomware. For example, the financial Trojan Ramnit’s (W32.Ramnit) total number of detections for 2016 approximately equalled all ransomware detections combined.

Although we have seen a 36 percent decrease in global detection numbers for financial malware in 2016, this is mainly attributed to earlier blocking in the attack chain and a switch to more focused attacks. But don’t be mistaken, financial threats are still profitable and continue to be popular among cyber criminals. From financial Trojans that attack online banking, to attacks against ATMs, point of sale (POS) machines, and fraudulent interbank transactions, there are many different attack vectors utilised by criminals.

Triple trouble

Three malware families ruled the financial threat space in 2016; Ramnit, Bebloh (Trojan.Bebloh), and Zeus (Trojan.Zbot), who together were responsible for 86 percent of all global detection counts.

In the second half of 2016 Trojan.Bebloh and Trojan.Snifula both began focusing on 20 banks in Japan. Both threats were spread through spam emails with double extension attachments masquerading as scanned documents — earlier variants used web exploit toolkits. It is unclear why the two threats both started targeting banks in Japan at the same time; however, they seem to share a common resource for dynamic web injects, allowing attackers to manipulate web traffic on the fly.

Special treatment

The attackers are interested in learning more about their victims. The Dridex downloader (W32.Cridex), checks installed software lists for financial software packages. If anything is found, like an offline payment tool, the computer is accessed manually through a remote access tool such as a hidden virtual network computing (VNC) server. The attacker will then study the compromised computer and learn what software is used and work out ways to carry out fraudulent transactions.

© Scoop Media

Parliament Headlines | Politics Headlines | Regional Headlines

Turei To Be Interviewed By MSD: Gordon Campbell On The Real Truth Deficit In Welfare

It has been astonishing to see the amount of time and energy being spent on what Greens co-leader Metiria Turei did or didn’t do properly as a beneficiary back in the early 1990s – as compared to how little time and energy is being put into the point of her personal example.

Turei was citing her case in order to query whether much has changed – especially when it comes down to whether the current benefit levels and targeting rules at WINZ are helping or hindering today’s beneficiaries to escape from poverty. More>>


Gordon Campbell: On The Bojo Visit

British Foreign Minister Boris Johnson is in town, just over a year since his political career peaked… and then wobbled off into a grey zone of indecision… Currently, Johnson is touring the former colonies, talking up the historical ties. More>>


Tertiary Ed: Government Responds To Productivity Commission

The work programme will focus on four key areas. • Creating a more student-centred system • Meeting the needs of industry through relevant, responsive, and supportive teaching • Improving performance across the system • Enabling and encouraging innovative new models and providers More>>


PM's Science Advisor: Youth Suicide In NZ Discussion Paper

The paper discusses the multiple factors involved in youth suicide and possible and evidence-based approaches to prevention. It points out the very different context in which young people now live their lives and the challenges of the transition from childhood to adulthood. More>>


Drug Deaths: Accurate Information Is Vital

Drug Foundation: The spike in hospital admissions and reported deaths in Auckland as a result of people taking unknown substances is not being helped by an information vacuum. More>>


Backing Dunne & Seymour: National Signals Election Intentions

“We are encouraging National supporters to give their electorate vote to ACT candidate, David Seymour, in Epsom, and United Future candidate, Peter Dunne, in Ohariu – and their party vote to National." More>>


Climate Policy: Govt's New Proposals For ETS

“Last year, as a result of stage one of the review, we announced the phase out of the one-for-two measure in the ETS. I am now announcing further changes as a result of stage two of the review.” More>>


PM's Press Conference: Boris, Infrastructure, Immigration, Drugs

Prime Minister Bill English opened this week's post-cabinet press conference by revisiting that day's announcement of 'Crown Infrastructure Partners'... More>>




Featured InfoPages

Opening the Election